

emmanuel82
Malware Defense... it again.
emmanuel82 replied to a topic by emmanuel82 in Malware analysis and removal
Here are the scan reports:

TDSSKiller:

MBAM:
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3479
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

02/01/2010 18:03:51
mbam-log-2010-01-02 (18-03-51).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 218010
Temps écoulé: 46 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Menu Démarrer\Programmes\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\AP35\Local Settings\temp\settdebugx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Local Settings\temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Local Settings\Temporary Internet Files\Content.IE5\0WQ9L5EX\eH8b9e8f77V01f0b536002Ra5a024c7102Tc0a1a04bQ000002f3901801F0016000aJ0d00060 1l000c318U391c0c450[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Local Settings\Temporary Internet Files\Content.IE5\EE8002DP\eH8b9e8f77V01f0b536002Ra5a024c7102Tc0a1a059Q000002f3901801F0016000aJ0d00060 1l000c30dP000301080[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Alcohol Soft\Alcohol 120\crack\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defense\mdefense.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defense\mdext.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defense\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\help.ico (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense\md.db (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Menu Démarrer\Programmes\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Menu Démarrer\Programmes\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Menu Démarrer\Programmes\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\AP35\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Am I clean now?
Malware Defense... it again.
emmanuel82 replied to a topic by emmanuel82 in Malware analysis and removal
Thanks for the quick reply. When I launch tdsskiller, a DOS window appears telling me: "hidden service detected : H8SRTd.sys Type "delete" (without quote) to delete it". Should I "delete" it?

EDIT: after a second try it displays the scan correctly. I am following the instructions and will post all of it.
Hello, Happy New Year 2010 to the whole community. To start the new decade off well, I caught a piece of malware that constantly opens pop-up windows. I ran a scan with vundo, which tells me I am not infected. If anyone feels generous, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:00:20, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\AP35\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Malware Defense\mdefense.exe
C:\DOCUME~1\AP35\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AP35\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\AP35\Mes documents\téléchargement log\HJTInstall.exe
C:\Documents and Settings\AP35\Mes documents\téléchargement log\HJTInstall.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\AP35\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\AP35\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA61D5CF-CE29-4FA9-9050-BFB7FDC3BC84}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8240C6D-C2FC-4169-A515-32808EB81512}: NameServer = 212.27.40.241,212.27.40.240
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir
Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe 
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 13857 bytes Merci de votre aide, Bonne journée, Emmanuel
-
Hello,

For several days I have no longer been able to connect to the internet. I am on Vista and connect through a Freebox HD, either over Ethernet or over Wi-Fi. My connection is active and works normally, since I connect fine from another computer. It happened suddenly; could it be due to a virus blocking my access?

I am posting a HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:10, on 05/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Users\Mimo\AppData\Local\Temp\ARC1BDD\HijackThis.exe
C:\Users\Mimo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Hewlett-Packard Company - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10154 bytes

Thanks for your help. Have a good day,
E.
-
Hello,

I am infected by Storage Protector; I ran a scan with McAfee and quarantined the detected files. I also ran VundoFix and deleted the files it indicated. Apparently the viruses are still present, and although I have consulted quite a few forums I have no idea how to get rid of them.

Thanks for your help.

Here is my HijackThis scan report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:32, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D1094B3-3642-4016-A130-FB6087AF7C83} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {ec0baea7-00a7-a66a-3bc4-ffaee73f4b38} - {83b4f37e-eaff-4cb3-a66a-7a007aeab0ce} - C:\WINDOWS\system32\qdmokvut.dll (file missing)
O2 - BHO: (no name) - {8E7C8BB4-1611-4BF6-9A1D-367C21BD1817} - C:\WINDOWS\system32\ssqpp.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O21 - SSODL: SrvSrv - {6a316afa-fa43-4e1d-b39b-dfecd59b7cf2} - C:\WINDOWS\Installer\{6a316afa-fa43-4e1d-b39b-dfecd59b7cf2}\SrvSrv.dll
O21 - SSODL: zip - {62229e45-a71a-4950-9e2f-edf08f37aa78} - C:\WINDOWS\Installer\{62229e45-a71a-4950-9e2f-edf08f37aa78}\zip.dll
O21 - SSODL: SetupDrive - {1304f656-db51-44ed-987f-ef8ce8a34fc4} - C:\WINDOWS\Installer\{1304f656-db51-44ed-987f-ef8ce8a34fc4}\SetupDrive.dll
O21 - SSODL: WinPrx - {c4de259b-bda8-45cc-9ebe-0167db18de73} - C:\WINDOWS\Installer\{c4de259b-bda8-45cc-9ebe-0167db18de73}\WinPrx.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe